{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,14]],"date-time":"2025-10-14T07:00:18Z","timestamp":1760425218891},"publisher-location":"Berlin, Heidelberg","reference-count":39,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642398902"},{"type":"electronic","value":"9783642398919"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-39891-9_5","type":"book-chapter","created":{"date-parts":[[2013,10,1]],"date-time":"2013-10-01T05:28:17Z","timestamp":1380605297000},"page":"66-80","source":"Crossref","is-referenced-by-count":2,"title":["Towards Automated Malware Behavioral Analysis and Profiling for Digital Forensic Investigation Purposes"],"prefix":"10.1007","author":[{"given":"Ahmed F.","family":"Shosha","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joshua I.","family":"James","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alan","family":"Hannaway","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chen-Ching","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pavel","family":"Gladyshev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Yin, H., et al.: Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. 
In: Proceedings of the 14th ACM Conference on Computer and Communications Security (2007)","DOI":"10.1145\/1315245.1315261"},{"key":"5_CR2","unstructured":"Yin, H., Liang, Z., Song, D.: HookFinder: Identifying and Understanding Malware Hooking Behaviors. In: Proceedings of Distributed System Security Symposium (2008)"},{"key":"5_CR3","unstructured":"Kolbitsch, C., et al.: Effective and Efficient Malware Detection at the End Host. In: Proceedings of the 18th Conference on USENIX Security Symposium (2009)"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Vasudevan, A., Yerraballi, R.: Cobra: Fine-grained Malware Analysis using Stealth Localized-Executions. In: Proceedings of IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.9"},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., et al.: Ether: Malware Analysis Via Hardware Virtualization Extensions. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (2008)","DOI":"10.1145\/1455770.1455779"},{"key":"5_CR6","unstructured":"Lanzi, A., Sharif, M., Lee, W.: K-Tracer: A System for Extracting Kernel Malware Behavior. In: Proceedings of the 16th Annual Network and Distributed System Security Symposium (2009)"},{"issue":"1","key":"5_CR7","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/s11416-006-0012-2","volume":"2","author":"U. Bayer","year":"2006","unstructured":"Bayer, U., et al.: Dynamic Analysis of Malicious Code. Journal in Computer Virology\u00a02(1), 67\u201377 (2006)","journal-title":"Journal in Computer Virology"},{"key":"5_CR8","unstructured":"Christodorescu, M., Jha, S.: Static Analysis of Executables to Detect Malicious Patterns. In: Proceedings of the 12th USENIX Security Symposium (2003)"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of Static Analysis for Malware Detection. 
In: Proceedings of Computer Security Applications Conference (2007)","DOI":"10.1109\/ACSAC.2007.4413008"},{"issue":"2","key":"5_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2089125.2089126","volume":"44","author":"M. Egele","year":"2012","unstructured":"Egele, M., et al.: A Survey on Automated Dynamic Malware Analysis Techniques and Tools. ACM Comput. Surv.\u00a044(2), 1\u201342 (2012)","journal-title":"ACM Comput. Surv."},{"key":"5_CR11","unstructured":"Farmer, D., Venema, W.: Forensic Discovery. Addison-Wesley (2005)"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Nance, K., Bishop, M., Hay, B.: Virtual Machine Introspection: Observation or Interference? In: IEEE Security and Privacy (2008)","DOI":"10.1109\/MSP.2008.134"},{"key":"5_CR13","unstructured":"Sharif, M., et al.: Impeding Malware Analysis Using Conditional Code Obfuscation. In: Proceedings of the Network and Distributed System Security Symposium (2008)"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"You, I., Yim, K.: Malware Obfuscation Techniques: A Brief Survey. In: Proceedings of the Int. Conf. on Broadband, Wireless Company (2010)","DOI":"10.1109\/BWCCA.2010.85"},{"key":"5_CR15","unstructured":"Balzarotti, D., et al.: Efficient Detection of Split Personalities in Malware. In: Symposium on Network and Distributed System Security (NDSS) (2010)"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring Multiple Execution Paths for Malware Analysis. In: IEEE Symposium on Security and Privacy (2007)","DOI":"10.1109\/SP.2007.17"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Shosha, A.F., James, J.I., Gladyshev, P.: A Novel Methodology for Malware Intrusion Attack Path Reconstruction. In: Gladyshev, P., Rogers, M.K. (eds.) ICDF2C 2011. LNICST, vol. 88, pp. 131\u2013140. 
Springer, Heidelberg (2012)","DOI":"10.1007\/978-3-642-35515-8_11"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Gladyshev, P., Patel, A.: Finite State Machine Approach to Digital Event Reconstruction. In: Digital Investigation (2004)","DOI":"10.1016\/S1742-2876(04)00027-1"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A.: The Evolution of System-Call Monitoring. In: Proceedings of the Annual Computer Security Applications Conference (2008)","DOI":"10.1109\/ACSAC.2008.54"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Mutz, D., et al.: Anomalous System Call Detection. ACM Trans. Information System Security (2006)","DOI":"10.1145\/1127345.1127348"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Riley, R., Jiang, X., Xu, D.: Multi-Aspect Profiling of Kernel Rootkit Behavior. In: Proceedings of the 4th ACM European Conference on Computer Systems (2009)","DOI":"10.1145\/1519065.1519072"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Rhee, J., Lin, Z., Xu, D.: Characterizing Kernel Malware Behavior With Kernel Data Access Patterns. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (2011)","DOI":"10.1145\/1966913.1966940"},{"key":"5_CR23","unstructured":"Malin, C., Casey, E., Aquilina, J.: Malware Forensics: Investigating and Analyzing Malicious Code. Syngress (2008)"},{"key":"5_CR24","unstructured":"Newsome, J., Song, D.: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In: Proceedings of Network and Distributed System Security Symposium (NDSS) (2005)"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Schwartz, E., Avgerinos, T., Brumley, D.: All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution. 
In: IEEE Symposium on Security and Privacy (Oakland 2010) (2010)","DOI":"10.1109\/SP.2010.26"},{"key":"5_CR26","unstructured":"Volatility.: An Advanced Memory Forensics Framework (2012), \n                    \n                      https:\/\/www.volatilesystems.com\/default\/volatility"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B.: The VAD Tree: A Process-Eye View of Physical Memory. In: Digital Investigation (2007)","DOI":"10.1016\/j.diin.2007.06.008"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Schuster, A.: Searching for Processes and Threads in Microsoft Windows Memory Dumps. In: Proceedings of the 6th Annual Digital Forensic Research Workshop (2006)","DOI":"10.1016\/j.diin.2006.06.010"},{"key":"5_CR29","unstructured":"Marrington, A., et al.: A Model for Computer Profiling. In: The Third International Workshop on Digital Forensics (2010)"},{"key":"5_CR30","unstructured":"Hoglund, G.: Rootkits: Subverting the Windows Kernel. Addison-Wesley (2005)"},{"key":"5_CR31","doi-asserted-by":"crossref","unstructured":"Wang, Z., et al.: Countering Kernel Rootkits With Lightweight Hook Protection. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (2009)","DOI":"10.1145\/1653662.1653728"},{"key":"5_CR32","unstructured":"Russinovich, M.: Windows Internals. Microsoft Press (2009)"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., et al.: Robust Signatures for Kernel Data Structures. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (2009)","DOI":"10.1145\/1653662.1653730"},{"key":"5_CR34","unstructured":"Clarke, E., Grumberg, O., Peled, D.: Model Checking. MIT Press (2000)"},{"key":"5_CR35","unstructured":"Bellard, F.: QEMU, A Fast and Portable Dynamic Translator. 
In: Proceedings of the USENIX Annual Technical Conference (2005)"},{"key":"5_CR36","doi-asserted-by":"crossref","unstructured":"Van Baar, R.B., Alink, W., Van Ballegooij, A.R.: Forensic Memory Analysis: Files Mapped in Memory. Digital Investigation (2008)","DOI":"10.1016\/j.diin.2008.05.014"},{"key":"5_CR37","doi-asserted-by":"crossref","unstructured":"Binsalleeh, H., et al.: On the Analysis of the Zeus Botnet Crimeware Toolkit. In: Proceedings of the Eighth Annual International Conference on Privacy, Security and Trust (2010)","DOI":"10.1109\/PST.2010.5593240"},{"key":"5_CR38","doi-asserted-by":"crossref","unstructured":"Shosha, A.F., James, J., Liu, C.-C., Gladyshev, P.: Evasion-Resistant Malware Signature Based on Profiling Kernel Data Structure Objects. In: Proceedings of the 7th Intl. Conference on Risks and Security of Internet Systems (CRiSIS) (2012)","DOI":"10.1109\/CRISIS.2012.6378949"},{"key":"5_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/978-3-642-33338-5_26","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"A.F. Shosha","year":"2012","unstructured":"Shosha, A.F., James, J.I., Liu, C.-C., Gladyshev, P.: Towards Automated Forensic Event Reconstruction of Malicious Code (Poster abstract). In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol.\u00a07462, pp. 388\u2013389. 
Springer, Heidelberg (2012)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-39891-9_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,17]],"date-time":"2019-05-17T17:33:25Z","timestamp":1558114405000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-39891-9_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642398902","9783642398919"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-39891-9_5","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2013]]}}}